MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa3e6aa1da234a7a0f266d6720e02bde0c5bae44ecd4f25477449bfc710bfb26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2


SHA256 hash: aa3e6aa1da234a7a0f266d6720e02bde0c5bae44ecd4f25477449bfc710bfb26
SHA3-384 hash: 1a1784d710fb95ebba9481661fa4965f664ab857506fdcd6aa5d7cecdd046e42ae4dab242891b5e1fd91d3b02aa8b054
SHA1 hash: ac2500a58f6b7fea23bd1b793a09167d7bf91920
MD5 hash: 254704b73eb0df6f16aa3de20cabc650
humanhash: music-black-cat-whiskey
File name: PO-6843-217-Order-Quote.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-26 07:40:23 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 1536:GMGGaR0U/96iPJO2sgg4abdxEbA7YoRdrgDKCmNE6NHlY0tOp1v3:GMGGViPQEbKYWrgDKCEE6NM
TLSH: 7D45F813B6D8AC91ED111FB01FD59F650E26FC266E905B03F64FB75D2B3A2A50FA1208
Reporter: abuse_ch
Tags: geo GuLoader img KOR


abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm46.hanmail.net
Sending IP: 203.133.180.234
From: 김대곤 <dgkim@rpmtech.co.kr>
Subject: 견적 요청 (친절하게 견적) [Korean: "Quote request (kindly quote)"]
Attachment: PO-6843-217-Order-Quote.img (contains "PO-6843-217-Order-Quote.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1uu9s2DGGuZZ2tphyA_t6iL3f5aF1HXUM

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 11:19:11 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 30 (53.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> img aa3e6aa1da234a7a0f266d6720e02bde0c5bae44ecd4f25477449bfc710bfb26 (this sample, GuLoader) -> Dropping GuLoader
Delivery method: Distributed via e-mail attachment
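The entry above records an ISO9660 disc image (.img, MIME application/x-iso9660-image; the 1'245'184-byte size is exactly 608 sectors of 2048 bytes) mailed as an attachment with a .exe inside, which is how this kind of lure gets a PE past attachment filters that block bare executables. As an added example, not code from MalwareBazaar or abuse.ch, the Python below checks the primary volume descriptor signature, walks the root directory, flags any entry whose contents begin with a DOS/PE header, and hashes that entry so the inner file can be compared against the hashes listed on this page. The image it parses is constructed inside the block (the file name and contents are made up; the real sample is not embedded). It reads only the primary descriptor at sector 16, so it is a triage check rather than a full ISO parser.

```python
import hashlib
import struct

SECTOR = 2048  # ISO9660 logical block size

# Constructed stand-in for the inner executable: a DOS "MZ" stub whose
# e_lfanew (offset 0x3C) points at a "PE\0\0" signature. Not the real payload.
_exe = bytearray(256)
_exe[0:2] = b"MZ"
struct.pack_into("<I", _exe, 0x3C, 0x80)
_exe[0x80:0x84] = b"PE\x00\x00"
SAMPLE_EXE = bytes(_exe)
# Constructed ISO9660 identifier: upper-case name plus the ";1" version suffix.
SAMPLE_EXE_NAME = b"PO-6843-217-ORDER-QUOTE.EXE;1"


def _both32(v: int) -> bytes:
    """ISO9660 'both-byte-order' 32-bit field: little-endian then big-endian."""
    return struct.pack("<I", v) + struct.pack(">I", v)


def _dir_record(name: bytes, lba: int, size: int, is_dir: bool) -> bytes:
    """Build one directory record (ECMA-119 section 9.1)."""
    body = (
        b"\x00"                                 # extended attribute record length
        + _both32(lba)                          # extent location (first sector)
        + _both32(size)                         # data length in bytes
        + bytes(7)                              # recording date/time (zeroed here)
        + (b"\x02" if is_dir else b"\x00")      # file flags: bit 1 = directory
        + b"\x00\x00"                           # file unit size, interleave gap
        + struct.pack("<H", 1) + struct.pack(">H", 1)  # volume sequence number
        + bytes([len(name)]) + name             # identifier length + identifier
    )
    rec_len = 1 + len(body)
    pad = b"\x00" if rec_len % 2 else b""       # records are padded to even length
    return bytes([rec_len + len(pad)]) + body + pad


def build_sample_iso() -> bytes:
    """Constructed minimal image: system area, PVD, terminator, root dir, one file."""
    root_lba, file_lba = 18, 19
    root_dir = (
        _dir_record(b"\x00", root_lba, SECTOR, True)    # "." entry
        + _dir_record(b"\x01", root_lba, SECTOR, True)  # ".." entry
        + _dir_record(SAMPLE_EXE_NAME, file_lba, len(SAMPLE_EXE), False)
    )
    pvd = bytearray(SECTOR)
    pvd[0] = 1                                  # type 1 = primary volume descriptor
    pvd[1:6] = b"CD001"
    pvd[6] = 1
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, True)  # root dir record
    term = bytearray(SECTOR)
    term[0] = 255                               # volume descriptor set terminator
    term[1:6] = b"CD001"
    term[6] = 1
    img = bytearray(16 * SECTOR)                # sectors 0-15: system area
    img += pvd + term                           # sectors 16 and 17
    img += root_dir.ljust(SECTOR, b"\x00")      # sector 18: root directory
    img += SAMPLE_EXE.ljust(SECTOR, b"\x00")    # sector 19: the file's extent
    return bytes(img)


def _looks_like_pe(data: bytes) -> bool:
    """DOS 'MZ' header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def list_iso_root(img: bytes) -> list:
    """Walk the root directory of the primary volume and describe each entry."""
    pvd = img[16 * SECTOR:17 * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO9660 primary volume descriptor at sector 16")
    root_lba = struct.unpack_from("<I", pvd, 156 + 2)[0]
    root_len = struct.unpack_from("<I", pvd, 156 + 10)[0]
    table = img[root_lba * SECTOR:root_lba * SECTOR + root_len]
    entries, off = [], 0
    while off < len(table):
        rec_len = table[off]
        if rec_len == 0:                        # zero fill: records never straddle a sector
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec = table[off:off + rec_len]
        off += rec_len
        name = rec[33:33 + rec[32]]
        if name in (b"\x00", b"\x01"):          # "." and ".." entries
            continue
        lba = struct.unpack_from("<I", rec, 2)[0]
        size = struct.unpack_from("<I", rec, 10)[0]
        is_dir = bool(rec[25] & 0x02)
        data = b"" if is_dir else img[lba * SECTOR:lba * SECTOR + size]
        entries.append({
            "name": name.decode("ascii", "replace"),
            "lba": lba,
            "size": size,
            "is_dir": is_dir,
            "is_pe": _looks_like_pe(data),
            "sha256": None if is_dir else sha256_hex(data),
        })
    return entries


def embedded_executables(img: bytes) -> list:
    """Names of root-directory files that carry a PE header."""
    return [e["name"] for e in list_iso_root(img) if e["is_pe"]]


if __name__ == "__main__":
    image = build_sample_iso()
    for entry in list_iso_root(image):
        print(entry)
    print("executables inside image:", embedded_executables(image))
```

Two caveats when pointing this at a real attachment: a mixed-case name like PO-6843-217-Order-Quote.exe is usually stored only in a Joliet supplementary descriptor (type 2, UCS-2 names), which this check does not read, and a file placed in a subdirectory rather than the root will not be listed. The SHA256 of the extracted extent, not of the .img container, is what you would compare against the hash of the dropped executable.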

Comments